[Resolvido!]Virtumonde

Boa Tarde! Nemesys

<@> Abra o Spybot Search & Destroy!

<@> No menu superior,vá em Modo e selecione a opção Avançado. Confirme!

<@> Clique no botão Ferramentas e depois em Residente.

<@> Desmarque a opção: Ativar "TeaTimer" do Residente. ( *Proteção **geral** das configurações de sistema* )

--------------------------

<@> Faça o download do ComboFix.exe.

<@> Baixe-o para o Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.Salve-a no desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

<@> Abrirá a janela Auto Scan. Aguarde!

<@> Digite a opção para continuar! >> Enter

<@> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado!

<@> Para parar ou sair do ComboFix,tecle "N".

----------------------

<@> Poste os relatórios: C:\ComboFix.txt + Log do HJT,atualizado.

Abraços!

Log do ComboFix:

ComboFix 08-08-27.06 - Caco 2008-08-28 13:59:58.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1592 [GMT -4:00]

Executando de: C:\Documents and Settings\Caco\Desktop\kOMBO.EXE.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\PCHealthCenter

C:\Arquivos de programas\PCHealthCenter\0.exe

C:\Arquivos de programas\PCHealthCenter\0.gif

C:\Arquivos de programas\PCHealthCenter\1.exe

C:\Arquivos de programas\PCHealthCenter\1.gif

C:\Arquivos de programas\PCHealthCenter\1.ico

C:\Arquivos de programas\PCHealthCenter\2.exe

C:\Arquivos de programas\PCHealthCenter\2.gif

C:\Arquivos de programas\PCHealthCenter\2.ico

C:\Arquivos de programas\PCHealthCenter\3.exe

C:\Arquivos de programas\PCHealthCenter\3.gif

C:\Arquivos de programas\PCHealthCenter\4.exe

C:\Arquivos de programas\PCHealthCenter\5.exe

C:\Arquivos de programas\PCHealthCenter\7.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\as2008xp.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827080630718.log

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827082420796.log

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827191709875.log

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827193146140.log

C:\Documents and Settings\Caco\Dados de aplicativos\Adobe\crc.dat

C:\update.exe

C:\WINDOWS\system32\AdggQXbc.ini

C:\WINDOWS\system32\AdggQXbc.ini2

C:\WINDOWS\system32\cbXPggGV.dll

C:\WINDOWS\system32\cbXQggdA.dll

C:\WINDOWS\system32\efcAPgfc.dll

C:\WINDOWS\system32\gsgxpz.dll

C:\WINDOWS\system32\ilwmmh.dll

C:\WINDOWS\system32\mmx31236.dll

C:\WINDOWS\system32\mx31236.dll

C:\WINDOWS\system32\ofudcawn.dll

C:\WINDOWS\system32\sjscwceg.ini

C:\WINDOWS\system32\tcbgscox.ini

C:\WINDOWS\system32\wigaqsme.dll

----- BITS: Sites possivelmente infetados -----

http://hqsextube08.com

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))

.

2008-08-28 09:00 . 2008-08-28 10:58 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-28 08:59 . 2008-08-23 09:28	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Modelos

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--------	C:\Documents and Settings\LogMeInRemoteUser\Meus documentos

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	dr-------	C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--------	C:\Documents and Settings\LogMeInRemoteUser\Favoritos

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	dr-h-----	C:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Configura‡äes locais

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressÆo

2008-08-28 08:59 . 2008-08-28 13:39	<DIR>	d--------	C:\Documents and Settings\LogMeInRemoteUser

2008-08-28 06:04 . 2008-08-28 06:04 103,552 --a------ C:\WINDOWS\system32\gecwcsjs.dll

2008-08-28 00:09 . 2008-08-28 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn

2008-08-28 00:09 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll

2008-08-28 00:09 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll

2008-08-28 00:09 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2008-08-28 00:09 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll

2008-08-28 00:08 . 2008-08-28 00:09 <DIR> d-------- C:\Arquivos de programas\LogMeIn

2008-08-28 00:08 . 2008-08-28 00:08 1,024 --a------ C:\.rnd

2008-08-27 23:53 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\SymNetDrv

2008-08-27 19:55 . 2008-08-27 19:55 86 --a------ C:\WINDOWS\wininit.ini

2008-08-27 19:35 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\2.ico

2008-08-27 19:22 . 2008-08-27 19:22 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys

2008-08-27 19:21 . 2008-08-27 19:32	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 19:21	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\AdobeUM

2008-08-27 19:21 . 2008-08-27 19:32	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 23:53	<DIR>	d--------	C:\Arquivos de programas\Symantec

2008-08-27 19:21 . 2008-08-27 23:55	<DIR>	d--------	C:\Arquivos de programas\Norton AntiVirus

2008-08-27 19:21 . 2008-08-28 06:11	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-08-27 19:21 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-08-27 19:21 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-08-27 19:18 . 2008-08-27 19:18 <DIR> d-------- C:\Arquivos de programas\MSA

2008-08-27 19:18 . 2008-08-26 17:23 167,424 --a------ C:\WINDOWS\system32\MSA.cpl

2008-08-27 19:18 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\1.ico

2008-08-27 08:06 . 2008-08-28 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\services

2008-08-27 08:01 . 2008-08-27 08:02 7,238 --a------ C:\wmcodec_update.exe

2008-08-27 08:00 . 2008-08-27 08:00	<DIR>	d--------	C:\WINDOWS\Elven Mists 2

2008-08-27 08:00 . 2008-08-27 08:00	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Intenium

2008-08-26 22:11 . 2008-08-26 22:11	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Thunderbird

2008-08-26 22:11 . 2008-08-26 22:11	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Talkback

2008-08-26 22:11 . 2008-08-28 09:11	<DIR>	d--------	C:\Arquivos de programas\Mozilla Thunderbird

2008-08-26 20:45 . 2008-08-26 20:45 2,291,712 --a------ C:\WINDOWS\system32\TUKernel.exe

2008-08-26 20:36 . 2008-08-26 20:36 <DIR> d-------- C:\Arquivos de programas\PowerQuest

2008-08-26 20:30 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-08-26 20:29 . 2008-08-26 20:29	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:48	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:39	<DIR>	d--------	C:\Arquivos de programas\TuneUp Utilities 2007

2008-08-26 20:29 . 2008-08-26 20:29	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-08-26 20:28 . 2008-08-26 20:28	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-26 20:28 . 2008-08-26 20:28	<DIR>	d--------	C:\Arquivos de programas\Ahead

2008-08-26 20:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-08-26 20:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-08-26 20:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-08-26 20:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-08-26 20:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-08-26 20:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2008-08-26 20:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-08-26 20:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2008-08-26 20:27 . 2008-08-26 20:27	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\ACD Systems

2008-08-26 20:26 . 2008-08-26 20:26	<DIR>	d--------	C:\Arquivos de programas\ACD Systems

2008-08-25 18:44 . 2008-08-25 18:44	<DIR>	d--------	C:\Arquivos de programas\ReflexiveArcade

2008-08-24 19:01 . 2008-08-24 19:02	<DIR>	d--------	C:\WINDOWS\system32\Adobe

2008-08-24 18:13 . 2008-08-26 15:28	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13	<DIR>	d--------	C:\Arquivos de programas\Skype

2008-08-24 18:13 . 2008-08-24 18:13	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-24 18:04 . 2008-08-27 23:54	<DIR>	d--------	C:\Jogos

2008-08-24 18:04 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-08-24 14:42 . 2008-08-24 14:42	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Media Player Classic

2008-08-24 09:47 . 2008-08-24 09:47	<DIR>	d--------	C:\Arquivos de programas\PluginLetras

2008-08-24 08:46 . 2008-08-24 08:47	<DIR>	d--------	C:\Arquivos de programas\DAEMON Tools Toolbar

2008-08-24 08:46 . 2008-08-24 08:47	<DIR>	d--------	C:\Arquivos de programas\DAEMON Tools Lite

2008-08-24 00:29 . 2008-08-24 00:29	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-08-24 00:29 . 2008-08-24 00:29	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-08-24 00:29 . 2008-08-26 20:41	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-24 00:25 . 2008-08-24 00:27	<DIR>	d--------	C:\Arquivos de programas\BitLord

2008-08-24 00:22 . 2008-08-24 08:50	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-24 00:22 . 2008-08-24 00:22	<DIR>	d--------	C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-24 00:19 . 2008-08-24 00:19	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\DAEMON Tools

2008-08-24 00:19 . 2008-08-24 00:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-24 00:16 . 2008-08-25 14:27	<DIR>	d--------	C:\Documents and Settings\Caco\Contacts

2008-08-24 00:16 . 2008-08-24 00:16	<DIR>	d--------	C:\Arquivos de programas\K-Lite Codec Pack

2008-08-23 23:04 . 2008-08-23 23:04 421 --a------ C:\WINDOWS\ODBC.INI

2008-08-23 23:03 . 2008-08-23 23:03	<DIR>	d--------	C:\WINDOWS\SHELLNEW

2008-08-23 23:03 . 2008-08-23 23:03	<DIR>	d--------	C:\Arquivos de programas\Microsoft Works

2008-08-23 23:03 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-23 23:01 . 2008-08-23 23:01	<DIR>	dr-h-----	C:\MSOCache

2008-08-23 22:15 . 2008-08-23 22:20	<DIR>	d--hsc---	C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-23 22:14 . 2008-08-23 22:14	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-23 22:14 . 2008-08-23 22:20	<DIR>	d--------	C:\Arquivos de programas\Windows Live

2008-08-23 22:12 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-08-23 22:12 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-23 22:12 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-08-23 22:07 . 2008-08-23 22:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-08-23 22:07 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-08-23 22:07 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2008-08-23 22:07 . 2003-02-21 00:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-08-23 22:04 . 2008-08-23 22:04 0 --a------ C:\WINDOWS\nsreg.dat

2008-08-23 22:01 . 2008-08-23 22:01 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Creative

2008-08-23 21:59 . 2000-05-22 04:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2008-08-23 21:59 . 1999-10-10 21:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2008-08-23 21:55 . 2008-08-23 21:55 <DIR> d-------- C:\WINDOWS\system32\Data

2008-08-23 21:54 . 2004-02-18 09:52 176,128 --a------ C:\WINDOWS\system32\USBAudio.cpl

2008-08-23 21:54 . 2004-03-25 09:21 135,168 --a------ C:\WINDOWS\system32\USBAudio.crl

2008-08-23 21:54 . 2003-12-17 15:59 46,731 --a------ C:\WINDOWS\system32\usbaudio.chm

2008-08-23 21:54 . 2003-04-01 19:38 692 --a------ C:\WINDOWS\system32\USBAudio.cpl.manifest

2008-08-23 21:53 . 2008-08-23 21:59 <DIR> d-------- C:\Arquivos de programas\Creative

2008-08-23 21:53 . 2003-03-05 12:19 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys

2008-08-23 21:50 . 2008-08-23 22:01 <DIR> d-------- C:\WINDOWS\nview

2008-08-23 21:50 . 2007-04-19 14:14 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-08-23 21:50 . 2007-04-19 00:26 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-08-23 21:50 . 2008-08-28 11:30 88,723 --a------ C:\WINDOWS\system32\nvapps.xml

2008-08-23 21:50 . 2007-04-19 00:26 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-23 21:47 . 2008-08-23 21:47	<DIR>	d--------	C:\Arquivos de programas\JPEG Camera

2008-08-23 21:45 . 2008-08-23 21:45	<DIR>	d---s----	C:\Documents and Settings\Caco\UserData

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-27 00:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-27 00:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-23 13:42 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-08-23 13:42 --------- d-----w C:\Arquivos de programas\Realtek

2008-08-23 13:40 --------- d-----w C:\Arquivos de programas\Intel

2008-08-23 13:31 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-23 13:30 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-23 13:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll

2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"BitComet"="C:\Arquivos de programas\BitLord\BitLord.exe" [2005-05-06 20:47 2224128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 00:26 7700480]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=ilwmmh.dll gsgxpz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2091865e]

--a------ 2008-08-28 06:04 103552 C:\WINDOWS\system32\gecwcsjs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 02:12 483328 C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus]

--a------ 2008-08-26 17:22 416768 C:\Arquivos de programas\MSA\MSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2007-02-21 16:50 58984 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

--a------ 2003-09-17 10:43 57344 C:\Arquivos de programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 11:02 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-19 00:26 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-19 00:26 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-07-02 17:10 23237416 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-07-07 09:42 2156368 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

--a------ 2004-11-04 14:59 218240 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\usrprmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-08-27 23:53 100056 C:\ARQUIV~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-19 00:26 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-10-24 23:57 16855552 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2007-10-10 23:04 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\BitLord\\BitLord.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:57]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-10-31 20:56]

R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-08-13 16:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conte£do da pasta 'Tarefas Agendadas'

2008-08-27 C:\WINDOWS\Tasks\1-Click Maintenance.job

• C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]

2008-08-28 C:\WINDOWS\Tasks\Norton AntiVirus - Verificar o meu computador - Caco.job

• C:\ARQUIV~1\NORTON~1\Navw32.exe [2005-07-18 16:16]

.

• - - - ORFAOS REMOVIDOS - - - -

SSODL-pdoskegl-{7E97518F-E349-485F-8031-F9C2ACE5F5E2} - C:\WINDOWS\pdoskegl.dll

MSConfigStartUp-Run - C:\Documents and Settings\Caco\Dados de aplicativos\Adobe\Manager.exe

MSConfigStartUp-s9201 - C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\as2008xp.exe

MSConfigStartUp-Waiting1690 - C:\Windows\stid1690.exe

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Caco\Dados de aplicativos\Mozilla\Firefox\Profiles\q8btqxig.default\

FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 14:04:35

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ veis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execu‡Æo ------------------------

.

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCSETMGR.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\CTSVCCDA.EXE

C:\Arquivos de programas\LogMeIn\x86\ramaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton AntiVirus\NAVAPSVC.EXE

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMNTOR.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCEVTMGR.EXE

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\taskmgr.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-08-28 14:17:39 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-28 18:17:36

Pre-Run: 7 pasta(s) 92,694,446,080 bytes disponíveis

Post-Run: 10 pasta(s) 92,661,202,944 bytes dispon¡veis

328

*****************

Log do HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 14:19:40, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Caco\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitLord\BitLord.exe"

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219543772266

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Valew!

Boa Tarde! Nemesys

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

<!> Para a segurança do PC,vamos providenciar a instalação do Console de Recuperação.

------------------------

<!> Vá ao site da Microsoft: < Link >

<!> Selecione o download,que seja adequado,ao seu Sistema Operacional!

/applications/core/interface/imageproxy/imageproxy.php?img=http://img230.imageshack.us/img230/8195/crecuperacaorz4.jpg&key=e973bd99790a831be25577b2bfcf6abe6a6c88699d4862118ce718e178c84631" alt="crecuperacaorz4.jpg" />

<!> Faça o download,do arquivo,e salve-o no seu desktop.

<!> Feche todos os programas,que estejam abertos!

<!> Feche,também,seus programas de proteção! ( Antivírus,Antispywares e Firewall )

<!> Arraste o setup,baixado do site da Microsoft,para o interior do ComboFix.exe.

<!> Veja,abaixo,a demonstração!

/applications/core/interface/imageproxy/imageproxy.php?img=http://img.photobucket.com/albums/v666/sUBs/RC1-4.gif&key=38480ac5b6bdf210618cc0929de8191df21db2a4de33c1abef46a419a9568710" alt="RC1-4.gif" />

<!> Siga as mensagens que aparecem na tela,para iniciar o ComboFix.

<!> Aceite o contrato de licença,para instalar o "Console de Recuperação da Microsoft".

<!> Na próxima mensagem,clique em "Yes",para realizar um scan com o ComboFix.

/applications/core/interface/imageproxy/imageproxy.php?img=http://img.photobucket.com/albums/v706/ried7/RC_whatnext.gif&key=80f1d93d8b2c22826f744fc5d5caec98024ba672d0807382a428a1400549bcd4" alt="RC_whatnext.gif" />

<!> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Abraços!

ComboFix:

ComboFix 08-08-27.06 - Caco 2008-08-28 19:24:38.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1650 [GMT -4:00]

Executando de: C:\Documents and Settings\Caco\Desktop\kOMBO.EXE.exe

Command switches used :: C:\Documents and Settings\Caco\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))

.

2008-08-28 14:17 . 2008-08-28 14:17	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-08-28 14:17 . 2008-08-28 14:17	<DIR>	d--------	C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-08-28 14:17 . 2008-08-28 14:17	<DIR>	d--------	C:\Documents and Settings\LogMeInRemoteUser\Configuraþ§es locais

2008-08-28 14:17 . 2008-08-28 14:17	<DIR>	d--------	C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-08-28 14:17 . 2008-08-28 14:17	<DIR>	d--------	C:\Documents and Settings\Caco\Configuraþ§es locais

2008-08-28 09:00 . 2008-08-28 14:24 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-28 08:59 . 2008-08-23 09:28	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Modelos

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--------	C:\Documents and Settings\LogMeInRemoteUser\Meus documentos

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	dr-------	C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--------	C:\Documents and Settings\LogMeInRemoteUser\Favoritos

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	dr-h-----	C:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos

2008-08-28 08:59 . 2008-08-28 19:25	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão

2008-08-28 08:59 . 2008-08-28 15:07	<DIR>	d--------	C:\Documents and Settings\LogMeInRemoteUser

2008-08-28 06:04 . 2008-08-28 06:04 103,552 --a------ C:\WINDOWS\system32\gecwcsjs.dll

2008-08-28 00:09 . 2008-08-28 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn

2008-08-28 00:09 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll

2008-08-28 00:09 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll

2008-08-28 00:09 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2008-08-28 00:09 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll

2008-08-28 00:08 . 2008-08-28 00:09 <DIR> d-------- C:\Arquivos de programas\LogMeIn

2008-08-28 00:08 . 2008-08-28 00:08 1,024 --a------ C:\.rnd

2008-08-27 23:53 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\SymNetDrv

2008-08-27 19:55 . 2008-08-27 19:55 86 --a------ C:\WINDOWS\wininit.ini

2008-08-27 19:35 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\2.ico

2008-08-27 19:22 . 2008-08-27 19:22 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys

2008-08-27 19:21 . 2008-08-27 19:32	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 19:21	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\AdobeUM

2008-08-27 19:21 . 2008-08-27 19:32	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 23:53	<DIR>	d--------	C:\Arquivos de programas\Symantec

2008-08-27 19:21 . 2008-08-27 23:55	<DIR>	d--------	C:\Arquivos de programas\Norton AntiVirus

2008-08-27 19:21 . 2008-08-28 06:11	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-08-27 19:21 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-08-27 19:21 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-08-27 19:18 . 2008-08-27 19:18 <DIR> d-------- C:\Arquivos de programas\MSA

2008-08-27 19:18 . 2008-08-26 17:23 167,424 --a------ C:\WINDOWS\system32\MSA.cpl

2008-08-27 19:18 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\1.ico

2008-08-27 08:06 . 2008-08-28 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\services

2008-08-27 08:01 . 2008-08-27 08:02 7,238 --a------ C:\wmcodec_update.exe

2008-08-27 08:00 . 2008-08-27 08:00	<DIR>	d--------	C:\WINDOWS\Elven Mists 2

2008-08-27 08:00 . 2008-08-27 08:00	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Intenium

2008-08-26 22:11 . 2008-08-26 22:11	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Thunderbird

2008-08-26 22:11 . 2008-08-26 22:11	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Talkback

2008-08-26 22:11 . 2008-08-28 09:11	<DIR>	d--------	C:\Arquivos de programas\Mozilla Thunderbird

2008-08-26 20:45 . 2008-08-26 20:45 2,291,712 --a------ C:\WINDOWS\system32\TUKernel.exe

2008-08-26 20:36 . 2008-08-26 20:36 <DIR> d-------- C:\Arquivos de programas\PowerQuest

2008-08-26 20:30 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-08-26 20:29 . 2008-08-26 20:29	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:48	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:39	<DIR>	d--------	C:\Arquivos de programas\TuneUp Utilities 2007

2008-08-26 20:29 . 2008-08-26 20:29	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-08-26 20:28 . 2008-08-26 20:28	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-26 20:28 . 2008-08-26 20:28	<DIR>	d--------	C:\Arquivos de programas\Ahead

2008-08-26 20:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-08-26 20:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-08-26 20:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-08-26 20:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-08-26 20:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-08-26 20:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2008-08-26 20:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-08-26 20:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2008-08-26 20:27 . 2008-08-26 20:27	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\ACD Systems

2008-08-26 20:26 . 2008-08-26 20:26	<DIR>	d--------	C:\Arquivos de programas\ACD Systems

2008-08-25 18:44 . 2008-08-25 18:44	<DIR>	d--------	C:\Arquivos de programas\ReflexiveArcade

2008-08-24 19:01 . 2008-08-24 19:02	<DIR>	d--------	C:\WINDOWS\system32\Adobe

2008-08-24 18:13 . 2008-08-26 15:28	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13	<DIR>	d--------	C:\Arquivos de programas\Skype

2008-08-24 18:13 . 2008-08-24 18:13	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-24 18:04 . 2008-08-28 14:29	<DIR>	d--------	C:\Jogos

2008-08-24 18:04 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-08-24 14:42 . 2008-08-24 14:42	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Media Player Classic

2008-08-24 09:47 . 2008-08-24 09:47	<DIR>	d--------	C:\Arquivos de programas\PluginLetras

2008-08-24 08:46 . 2008-08-24 08:47	<DIR>	d--------	C:\Arquivos de programas\DAEMON Tools Toolbar

2008-08-24 08:46 . 2008-08-24 08:47	<DIR>	d--------	C:\Arquivos de programas\DAEMON Tools Lite

2008-08-24 00:29 . 2008-08-24 00:29	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-08-24 00:29 . 2008-08-24 00:29	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-08-24 00:29 . 2008-08-26 20:41	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-24 00:25 . 2008-08-24 00:27	<DIR>	d--------	C:\Arquivos de programas\BitLord

2008-08-24 00:22 . 2008-08-24 08:50	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-24 00:22 . 2008-08-24 00:22	<DIR>	d--------	C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-24 00:19 . 2008-08-24 00:19	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\DAEMON Tools

2008-08-24 00:19 . 2008-08-24 00:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-24 00:16 . 2008-08-25 14:27	<DIR>	d--------	C:\Documents and Settings\Caco\Contacts

2008-08-24 00:16 . 2008-08-24 00:16	<DIR>	d--------	C:\Arquivos de programas\K-Lite Codec Pack

2008-08-23 23:04 . 2008-08-23 23:04 421 --a------ C:\WINDOWS\ODBC.INI

2008-08-23 23:03 . 2008-08-23 23:03	<DIR>	d--------	C:\WINDOWS\SHELLNEW

2008-08-23 23:03 . 2008-08-23 23:03	<DIR>	d--------	C:\Arquivos de programas\Microsoft Works

2008-08-23 23:03 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-23 23:01 . 2008-08-23 23:01	<DIR>	dr-h-----	C:\MSOCache

2008-08-23 22:15 . 2008-08-23 22:20	<DIR>	d--hsc---	C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-23 22:14 . 2008-08-23 22:14	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-23 22:14 . 2008-08-23 22:20	<DIR>	d--------	C:\Arquivos de programas\Windows Live

2008-08-23 22:12 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-08-23 22:12 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-23 22:12 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-08-23 22:07 . 2008-08-23 22:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-08-23 22:07 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-08-23 22:07 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2008-08-23 22:07 . 2003-02-21 00:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-08-23 22:04 . 2008-08-23 22:04 0 --a------ C:\WINDOWS\nsreg.dat

2008-08-23 22:01 . 2008-08-23 22:01 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Creative

2008-08-23 21:59 . 2000-05-22 04:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2008-08-23 21:59 . 1999-10-10 21:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2008-08-23 21:55 . 2008-08-23 21:55 <DIR> d-------- C:\WINDOWS\system32\Data

2008-08-23 21:54 . 2004-02-18 09:52 176,128 --a------ C:\WINDOWS\system32\USBAudio.cpl

2008-08-23 21:54 . 2004-03-25 09:21 135,168 --a------ C:\WINDOWS\system32\USBAudio.crl

2008-08-23 21:54 . 2003-12-17 15:59 46,731 --a------ C:\WINDOWS\system32\usbaudio.chm

2008-08-23 21:54 . 2003-04-01 19:38 692 --a------ C:\WINDOWS\system32\USBAudio.cpl.manifest

2008-08-23 21:53 . 2008-08-23 21:59 <DIR> d-------- C:\Arquivos de programas\Creative

2008-08-23 21:53 . 2003-03-05 12:19 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys

2008-08-23 21:50 . 2008-08-23 22:01 <DIR> d-------- C:\WINDOWS\nview

2008-08-23 21:50 . 2007-04-19 14:14 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-08-23 21:50 . 2007-04-19 00:26 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-08-23 21:50 . 2008-08-28 14:06 88,723 --a------ C:\WINDOWS\system32\nvapps.xml

2008-08-23 21:50 . 2007-04-19 00:26 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-23 21:47 . 2008-08-23 21:47	<DIR>	d--------	C:\Arquivos de programas\JPEG Camera

2008-08-23 21:45 . 2008-08-23 21:45	<DIR>	d---s----	C:\Documents and Settings\Caco\UserData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-27 00:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-27 00:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-23 13:42 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-08-23 13:42 --------- d-----w C:\Arquivos de programas\Realtek

2008-08-23 13:40 --------- d-----w C:\Arquivos de programas\Intel

2008-08-23 13:31 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-23 13:30 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-23 13:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll

2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll

.

((((((((((((((((((((((((((((( snapshot@2008-08-28_14.06.57.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-28 18:36:58 3,262 ----a-r C:\WINDOWS\Installer\{CC419DDC-E0F0-4013-B25A-6FA036516F0D}\nfs_icon.exe

+ 2007-01-08 19:30:42 15,128 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_1.dll

+ 2007-03-12 20:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll

+ 2007-05-16 20:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll

+ 2007-03-15 20:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll

+ 2007-05-16 20:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll

+ 2007-03-12 20:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll

+ 2007-05-16 20:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll

+ 2007-03-05 16:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll

+ 2007-06-21 00:45:20 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll

+ 2007-01-24 19:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll

+ 2007-04-04 22:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll

+ 2007-06-21 00:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll

+ 2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"BitComet"="C:\Arquivos de programas\BitLord\BitLord.exe" [2005-05-06 20:47 2224128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 00:26 7700480]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=ilwmmh.dll gsgxpz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2091865e]

--a------ 2008-08-28 06:04 103552 C:\WINDOWS\system32\gecwcsjs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 02:12 483328 C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus]

--a------ 2008-08-26 17:22 416768 C:\Arquivos de programas\MSA\MSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2007-02-21 16:50 58984 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

--a------ 2003-09-17 10:43 57344 C:\Arquivos de programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 11:02 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-19 00:26 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-19 00:26 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-07-02 17:10 23237416 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-07-07 09:42 2156368 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

--a------ 2004-11-04 14:59 218240 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\usrprmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-08-27 23:53 100056 C:\ARQUIV~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-19 00:26 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-10-24 23:57 16855552 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2007-10-10 23:04 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\BitLord\\BitLord.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:57]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-10-31 20:56]

R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-08-13 16:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-08-27 C:\WINDOWS\Tasks\1-Click Maintenance.job

• C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]

2008-08-28 C:\WINDOWS\Tasks\Norton AntiVirus - Verificar o meu computador - Caco.job

• C:\ARQUIV~1\NORTON~1\Navw32.exe [2005-07-18 16:16]

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Caco\Dados de aplicativos\Mozilla\Firefox\Profiles\q8btqxig.default\

FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 19:25:52

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-08-28 19:26:23

ComboFix-quarantined-files.txt 2008-08-28 23:26:21

ComboFix2.txt 2008-08-28 18:17:39

Pre-Run: 7 pasta(s) 80,287,977,472 bytes disponíveis

Post-Run: 11 pasta(s) 80,264,032,256 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=8E7Q0V

286

HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 19:29:18, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Documents and Settings\Caco\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitLord\BitLord.exe"

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219543772266

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Boa Noite! Nemesys

<!> Mantenha,ainda,a proteção TeaTimer do Spybot,desabilitada.

--------------------------

<@> Selecione e copie,todo o conteúdo que está entre os XXXX,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

File::

C:\Arquivos de programas\MSA\MSA.exe

C:\WINDOWS\system32\MSA.cpl

C:\WINDOWS\system32\gecwcsjs.dll

C:\WINDOWS\system32\ilwmmh.dll

C:\WINDOWS\system32\gsgxpz.dll

C:\WINDOWS\Alcmtr.exe

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2091865e]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=""

Folder::

C:\Arquivos de programas\MSA

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

/applications/core/interface/imageproxy/imageproxy.php?img=http://i25.tinypic.com/35j0br8.gif&key=33ead52ab13dbc43a0d122daf3b435735d437d1a6d5277a906a4a8fed79839e4" alt="35j0br8.gif" />

<@> Atenda à solicitação,que deverá surgir,para rodar o ComboFix.

<@> Ps: Faça o arraste,até surgir essa solicitação! ( janela )

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Abraços!

ComboFix:

ComboFix 08-08-27.06 - Caco 2008-08-28 22:20:49.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1681 [GMT -4:00]

Executando de: C:\Documents and Settings\Caco\Desktop\kOMBO.EXE.exe

Command switches used :: C:\Documents and Settings\Caco\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

C:\Arquivos de programas\MSA\MSA.exe

C:\WINDOWS\Alcmtr.exe

C:\WINDOWS\system32\gecwcsjs.dll

C:\WINDOWS\system32\gsgxpz.dll

C:\WINDOWS\system32\ilwmmh.dll

C:\WINDOWS\system32\MSA.cpl

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\MSA

C:\Arquivos de programas\MSA\MSA.cpl

C:\Arquivos de programas\MSA\MSA.exe

C:\Arquivos de programas\MSA\msa0.dat

C:\Arquivos de programas\MSA\msa1.dat

C:\WINDOWS\Alcmtr.exe

C:\WINDOWS\system32\gecwcsjs.dll

C:\WINDOWS\system32\MSA.cpl

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))

.

2008-08-28 21:02 . 2008-08-28 21:02	<DIR>	d--------	C:\Documents and Settings\LocalService\Dados de aplicativos\Symantec

2008-08-28 14:17 . 2008-08-28 14:17	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-08-28 14:17 . 2008-08-28 14:17	<DIR>	d--------	C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-08-28 14:17 . 2008-08-28 14:17	<DIR>	d--------	C:\Documents and Settings\LogMeInRemoteUser\Configuraþ§es locais

2008-08-28 14:17 . 2008-08-28 14:17	<DIR>	d--------	C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-08-28 14:17 . 2008-08-28 14:17	<DIR>	d--------	C:\Documents and Settings\Caco\Configuraþ§es locais

2008-08-28 09:00 . 2008-08-28 14:24 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-28 08:59 . 2008-08-23 09:28	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Modelos

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--------	C:\Documents and Settings\LogMeInRemoteUser\Meus documentos

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	dr-------	C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--------	C:\Documents and Settings\LogMeInRemoteUser\Favoritos

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	dr-h-----	C:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos

2008-08-28 08:59 . 2008-08-28 22:22	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede

2008-08-28 08:59 . 2008-08-23 05:25	<DIR>	d--h-----	C:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão

2008-08-28 08:59 . 2008-08-28 15:07	<DIR>	d--------	C:\Documents and Settings\LogMeInRemoteUser

2008-08-28 00:09 . 2008-08-28 00:09	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn

2008-08-28 00:09 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll

2008-08-28 00:09 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll

2008-08-28 00:09 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2008-08-28 00:09 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll

2008-08-28 00:08 . 2008-08-28 00:09 <DIR> d-------- C:\Arquivos de programas\LogMeIn

2008-08-28 00:08 . 2008-08-28 00:08 1,024 --a------ C:\.rnd

2008-08-27 23:53 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\SymNetDrv

2008-08-27 19:55 . 2008-08-27 19:55 86 --a------ C:\WINDOWS\wininit.ini

2008-08-27 19:35 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\2.ico

2008-08-27 19:22 . 2008-08-27 19:22 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys

2008-08-27 19:21 . 2008-08-27 19:32	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 19:21	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\AdobeUM

2008-08-27 19:21 . 2008-08-27 19:32	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 23:53	<DIR>	d--------	C:\Arquivos de programas\Symantec

2008-08-27 19:21 . 2008-08-27 23:55	<DIR>	d--------	C:\Arquivos de programas\Norton AntiVirus

2008-08-27 19:21 . 2008-08-28 06:11	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-08-27 19:21 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-08-27 19:21 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-08-27 19:18 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\1.ico

2008-08-27 08:06 . 2008-08-28 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\services

2008-08-27 08:01 . 2008-08-27 08:02 7,238 --a------ C:\wmcodec_update.exe

2008-08-27 08:00 . 2008-08-27 08:00	<DIR>	d--------	C:\WINDOWS\Elven Mists 2

2008-08-27 08:00 . 2008-08-27 08:00	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Intenium

2008-08-26 22:11 . 2008-08-26 22:11	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Thunderbird

2008-08-26 22:11 . 2008-08-26 22:11	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Talkback

2008-08-26 22:11 . 2008-08-28 19:30	<DIR>	d--------	C:\Arquivos de programas\Mozilla Thunderbird

2008-08-26 20:45 . 2008-08-26 20:45 2,291,712 --a------ C:\WINDOWS\system32\TUKernel.exe

2008-08-26 20:36 . 2008-08-26 20:36 <DIR> d-------- C:\Arquivos de programas\PowerQuest

2008-08-26 20:30 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-08-26 20:29 . 2008-08-26 20:29	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:48	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:39	<DIR>	d--------	C:\Arquivos de programas\TuneUp Utilities 2007

2008-08-26 20:29 . 2008-08-26 20:29	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-08-26 20:28 . 2008-08-26 20:28	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-26 20:28 . 2008-08-26 20:28	<DIR>	d--------	C:\Arquivos de programas\Ahead

2008-08-26 20:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-08-26 20:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-08-26 20:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-08-26 20:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-08-26 20:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-08-26 20:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2008-08-26 20:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-08-26 20:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2008-08-26 20:27 . 2008-08-26 20:27	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\ACD Systems

2008-08-26 20:26 . 2008-08-26 20:26	<DIR>	d--------	C:\Arquivos de programas\ACD Systems

2008-08-25 18:44 . 2008-08-25 18:44	<DIR>	d--------	C:\Arquivos de programas\ReflexiveArcade

2008-08-24 19:01 . 2008-08-24 19:02	<DIR>	d--------	C:\WINDOWS\system32\Adobe

2008-08-24 18:13 . 2008-08-26 15:28	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13	<DIR>	d--------	C:\Arquivos de programas\Skype

2008-08-24 18:13 . 2008-08-24 18:13	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-24 18:04 . 2008-08-28 21:08	<DIR>	d--------	C:\Jogos

2008-08-24 18:04 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-08-24 14:42 . 2008-08-24 14:42	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\Media Player Classic

2008-08-24 09:47 . 2008-08-24 09:47	<DIR>	d--------	C:\Arquivos de programas\PluginLetras

2008-08-24 08:46 . 2008-08-24 08:47	<DIR>	d--------	C:\Arquivos de programas\DAEMON Tools Toolbar

2008-08-24 08:46 . 2008-08-24 08:47	<DIR>	d--------	C:\Arquivos de programas\DAEMON Tools Lite

2008-08-24 00:29 . 2008-08-24 00:29	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-08-24 00:29 . 2008-08-24 00:29	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-08-24 00:29 . 2008-08-26 20:41	<DIR>	d--------	C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-24 00:25 . 2008-08-24 00:27	<DIR>	d--------	C:\Arquivos de programas\BitLord

2008-08-24 00:22 . 2008-08-24 08:50	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-24 00:22 . 2008-08-24 00:22	<DIR>	d--------	C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-24 00:19 . 2008-08-24 00:19	<DIR>	d--------	C:\Documents and Settings\Caco\Dados de aplicativos\DAEMON Tools

2008-08-24 00:19 . 2008-08-24 00:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-24 00:16 . 2008-08-25 14:27	<DIR>	d--------	C:\Documents and Settings\Caco\Contacts

2008-08-24 00:16 . 2008-08-24 00:16	<DIR>	d--------	C:\Arquivos de programas\K-Lite Codec Pack

2008-08-23 23:04 . 2008-08-23 23:04 421 --a------ C:\WINDOWS\ODBC.INI

2008-08-23 23:03 . 2008-08-23 23:03	<DIR>	d--------	C:\WINDOWS\SHELLNEW

2008-08-23 23:03 . 2008-08-23 23:03	<DIR>	d--------	C:\Arquivos de programas\Microsoft Works

2008-08-23 23:03 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-23 23:01 . 2008-08-23 23:01	<DIR>	dr-h-----	C:\MSOCache

2008-08-23 22:15 . 2008-08-23 22:20	<DIR>	d--hsc---	C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-23 22:14 . 2008-08-23 22:14	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-23 22:14 . 2008-08-23 22:20	<DIR>	d--------	C:\Arquivos de programas\Windows Live

2008-08-23 22:12 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-08-23 22:12 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-23 22:12 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-08-23 22:07 . 2008-08-23 22:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-08-23 22:07 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-08-23 22:07 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2008-08-23 22:07 . 2003-02-21 00:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-08-23 22:04 . 2008-08-23 22:04 0 --a------ C:\WINDOWS\nsreg.dat

2008-08-23 22:01 . 2008-08-23 22:01 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Creative

2008-08-23 21:59 . 2000-05-22 04:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2008-08-23 21:59 . 1999-10-10 21:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2008-08-23 21:55 . 2008-08-23 21:55 <DIR> d-------- C:\WINDOWS\system32\Data

2008-08-23 21:54 . 2004-02-18 09:52 176,128 --a------ C:\WINDOWS\system32\USBAudio.cpl

2008-08-23 21:54 . 2004-03-25 09:21 135,168 --a------ C:\WINDOWS\system32\USBAudio.crl

2008-08-23 21:54 . 2003-12-17 15:59 46,731 --a------ C:\WINDOWS\system32\usbaudio.chm

2008-08-23 21:54 . 2003-04-01 19:38 692 --a------ C:\WINDOWS\system32\USBAudio.cpl.manifest

2008-08-23 21:53 . 2008-08-23 21:59 <DIR> d-------- C:\Arquivos de programas\Creative

2008-08-23 21:53 . 2003-03-05 12:19 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys

2008-08-23 21:50 . 2008-08-23 22:01 <DIR> d-------- C:\WINDOWS\nview

2008-08-23 21:50 . 2007-04-19 14:14 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-08-23 21:50 . 2007-04-19 00:26 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-08-23 21:50 . 2008-08-28 20:57 88,723 --a------ C:\WINDOWS\system32\nvapps.xml

2008-08-23 21:50 . 2007-04-19 00:26 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-23 21:47 . 2008-08-23 21:47	<DIR>	d--------	C:\Arquivos de programas\JPEG Camera

2008-08-23 21:45 . 2008-08-23 21:45	<DIR>	d---s----	C:\Documents and Settings\Caco\UserData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-27 00:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-27 00:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-23 13:42 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-08-23 13:42 --------- d-----w C:\Arquivos de programas\Realtek

2008-08-23 13:40 --------- d-----w C:\Arquivos de programas\Intel

2008-08-23 13:31 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-23 13:30 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-23 13:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

((((((((((((((((((((((((((((( snapshot@2008-08-28_14.06.57.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-03-12 20:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll

+ 2007-05-16 20:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll

+ 2007-03-15 20:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll

+ 2007-05-16 20:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll

+ 2007-03-12 20:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll

+ 2007-05-16 20:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll

+ 2007-03-05 16:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll

+ 2007-06-21 00:45:20 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll

+ 2007-01-24 19:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll

+ 2007-04-04 22:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll

+ 2007-06-21 00:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll

+ 2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"BitComet"="C:\Arquivos de programas\BitLord\BitLord.exe" [2005-05-06 20:47 2224128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 00:26 7700480]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 02:12 483328 C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2007-02-21 16:50 58984 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

--a------ 2003-09-17 10:43 57344 C:\Arquivos de programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 11:02 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-19 00:26 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-19 00:26 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-07-02 17:10 23237416 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-07-07 09:42 2156368 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

--a------ 2004-11-04 14:59 218240 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\usrprmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-08-27 23:53 100056 C:\ARQUIV~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-19 00:26 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-10-24 23:57 16855552 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2007-10-10 23:04 1826816 C:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\BitLord\\BitLord.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:57]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-10-31 20:56]

R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-08-13 16:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

Newly Created Service - APPMGMT

Newly Created Service - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-08-27 C:\WINDOWS\Tasks\1-Click Maintenance.job

• C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]

2008-08-28 C:\WINDOWS\Tasks\Norton AntiVirus - Verificar o meu computador - Caco.job

• C:\ARQUIV~1\NORTON~1\Navw32.exe [2005-07-18 16:16]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 22:22:09

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-08-28 22:22:36

ComboFix-quarantined-files.txt 2008-08-29 02:22:34

ComboFix2.txt 2008-08-28 23:26:24

ComboFix3.txt 2008-08-28 18:17:39

Pre-Run: 8 pasta(s) 91,114,102,784 bytes disponíveis

Post-Run: 11 pasta(s) 91,103,571,968 bytes disponíveis

273

HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 22:23:02, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Caco\Desktop\Segurança\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitLord\BitLord.exe"

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219543772266

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

obrigado mais uma vez...

Bom Dia! Nemesys

<@> Vá a este Link,e baixe:

< Malwarebytes >

<@> Atualize o programa!

<@> Escolha o escaneamento Completo! ( Full Scan )

<@> Desabilite programas de proteção,ao executar o malwarebytes.

<@> Procure enviar os ítens,detectados,para a quarentena.

<@> Para maiores detalhes: < Link >

-----------------------

<@> Poste,o relatório: mbam-log-8-29-2008 (00-00-00).txt

Abraços!

Log:

Malwarebytes' Anti-Malware 1.25

Versão do banco de dados: 1094

Windows 5.1.2600 Service Pack 2

07:10:02 29/8/2008

mbam-log-08-29-2008 (07-10-02).txt

Tipo de Verificação: Completa (C:\|E:\|)

Objetos verificados: 61835

Tempo decorrido: 7 minute(s), 20 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 20

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\qalkfxor.bgrm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

C:\QooBox\Quarantine\C\WINDOWS\system32\cbXPggGV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQggdA.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\efcAPgfc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\gecwcsjs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\gsgxpz.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\ilwmmh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\ofudcawn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\wigaqsme.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP43\A0002340.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP47\A0003892.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP47\A0003893.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP47\A0003906.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003939.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003937.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003938.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003940.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003941.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003942.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003943.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP52\A0007075.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Bom Dia! Nemesys

<@> Vá em Iniciar --> Executar --> Digite: combofix.exe /u --> Clique: OK

<@> Abrir-se-á,a seguinte janela: ( Abrir arquivo - Aviso de Segurança )

<@> Clique em Executar --> Aguarde!

<@> Surgirá,finalmente,a mensagem: ComboFix desinstalado!

<@> Caso encontre,apague: C:\ComboFix <-- A pasta! + C:\ComboFix.txt <-- Relatório!

-------------------------

<@> Baixe: < CCleaner >

<@> Salve-o no Desktop!

<@> Com a opção < Limpador >,já selecionada,clique em Analisar.

<@> Aguarde o progresso!

<@> Terminando,clique em Executar Cleaner.

<@> Na janela que surgir,dê o Ok.

<@> Aguarde o progresso!

<@> Selecionando a opção Registro,clique em Procurar erros.

<@> Terminando,clique em Corrigir erros selecionados...

<@> Na pergunta,clique em Sim!

<@> Nomeie os backups e clique em Salvar.

<@> Na janela que aparecer,clique em: Corrigir todos os erros selecionados

<@> Clique em Ok --> Fechar.

-------------------------

<!> Os logs estão limpos!

<!> Bom trabalho! :thumbsup:

Abraços!

Suuuuper Obrigado! Me livrou de uma madrugada formatando o pc. Valew!

PROBLEMA RESOLVIDO!

Caso o autor necessite que o Tópico seja reaberto é preciso enviar uma Mensagem Privada,para um Moderador,com um Link para o Tópico.